New to GnuPG, having some difficulty
angel at pgp.16bits.net
Sun Mar 7 23:04:22 CET 2021
On 2021-03-07 at 00:17 +0000, Mundis wrote:
> Hello gnupg-users!
> I have recently been required to use GnuPG to encrypt messages, and
> have been endeavouring to create a master key however I think I have
> I created and deleted some keys while I was trying to work it out and
> now I cannot make heads or tails of my keyring.
> Quite simply there are keys and subkeys and secret keys and they all
> seem to have the same ID. I haven't shared anything as yet, so I
> would like to start again and hopefully achieve some clarity in the
> process on my second attempt.
> > Is there a safe way to delete everything and start over?
You can delete everything and start over by doing:
gpgconf --kill all
rm -rf $HOME/.gnupg
although, as you are asking for a 'safe' way, you may prefer to rename
the .gnupg folder to something else. Deleting this folder is not a
problem since you didn't use any key so far, but for anyone else it
would be a very bad idea, as it would remove all public and private
keys the user had created.
> Also, I need to create and export a public key *and* an encryption
> subkey. I've been reading everything I can find online, but honestly
> I'm finding it to be quite difficult to discipher.
You only need to create a public key that uses a separate encryption
subkey (which is the default nowadays). Exporting this key will export
both the master key and the encryption subkey.
So in your case it will be enough to do something like:
gpg --export jarramundi at protonmail.com > mykey.pub
> > If there are any clear cut human readable guides for GnuPG I would
> appreciate knowing where they are.
> I am using Arch Linux, with fish shell and micro text editor.
The GNU Privacy Handbook <https://gnupg.org/gph/en/manual.html> is a
bit old, but other than the new key algorithms, it should cover the
basics. Where are you having problems?
Also note, you will probably be exchanging GnuPG encrypted messages by
email. Although it's possible to manage them through the command line
(particularly when not using PGP/MIME, which would be harder), it will
help immensely if you use a mail client which supports this format.
Received mails are automatically decrypted (well, after prompting you
for your passphrase), and sending encrypted mails is just clicking a
button in the toolbar to enable it, and the client does the rest for
you, which (a) is easier and (b) avoids human errors such as not
encrypting to all recipients.
Caveat: it needs to be properly configured, for outgoing encryption on
your system (e.g. having the keys for the people you are going to write
to) and for the decryption to work by whoever is sending you mails
(I have seen too many mails where someone tried to send a PGP mail by
pasting an armored PGP block in a html mail instead of doing it the
> Thanks in advance, and I apologise if I'm asking basic questions,
> it's not often I feel like a novice but this encryption business has
> me doing so.
> Kind Regards.
Not a problem. Happy to help.
More information about the Gnupg-users